Closed Bug 833531 Opened 8 years ago Closed 8 years ago

DOMApplicationRegistry.startDownload() fails to specify installOrigin to downloadPackage()

Categories

(Core Graveyard :: DOM: Apps, defect)

defect
Not set
normal

Tracking

(blocking-b2g:tef+, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed, b2g18-v1.0.0 fixed)

VERIFIED FIXED
mozilla21
blocking-b2g tef+
Tracking Status
firefox19 --- wontfix
firefox20 --- wontfix
firefox21 --- fixed
b2g18 --- fixed
b2g18-v1.0.0 --- fixed

People

(Reporter: myk, Assigned: myk)

References

Details

Attachments

(1 file)

DOMApplicationRegistry.startDownload() passes a literal object that does not specify an installOrigin property as the argument to the aApp parameter of the DOMApplicationRegistry.downloadPackage() function. <https://github.com/mozilla/mozilla-central/blob/54d68d7b8433c9b34a025d921e79e7a9830181e5/dom/apps/src/Webapps.jsm#L987-L991>

But downloadPackage() checks that aApp.installOrigin is in dom.mozApps.signed_apps_installable_from and throws INSTALL_FROM_DENIED if it isn't. <https://github.com/mozilla/mozilla-central/blob/54d68d7b8433c9b34a025d921e79e7a9830181e5/dom/apps/src/Webapps.jsm#L2110-L2131>

So preloaded packaged stub app updates fail with INSTALL_FROM_DENIED.  And presumably non-stub updates will also fail, as might non-preloaded updates (although I haven't tested these).

Note that I've only tested with B2G Desktop so far.  But the codepath in question does not appear to be desktop-specific, so this seems unlikely to be a desktop-specific bug.
Attachment #705074 - Flags: review?(fabrice)
blocking-b2g: --- → tef?
s/as the argument/in the argument/
Comment on attachment 705074 [details] [diff] [review]
patch v1: defines installOrigin

Review of attachment 705074 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks Myk!
Attachment #705074 - Flags: review?(fabrice) → review+
You probably are going to want ask for approval on this patch...
Comment on attachment 705074 [details] [diff] [review]
patch v1: defines installOrigin

[Approval Request Comment]
Bug caused by (feature/regressing bug #): unclear
User impact if declined: At least some (and possibly all) external (i.e. third-party) packaged app updates will fail to install, including preloaded apps and those installed by the user from Marketplace.
Testing completed: I tested with a preloaded packaged app stub on the latest nightly build of B2G Desktop.
Risk to taking this patch (and alternatives if risky): The fix is obvious and seems low-risk.  There is no alternative.
String or UUID changes made by this patch: None.
Attachment #705074 - Flags: approval-mozilla-b2g18?
https://hg.mozilla.org/mozilla-central/rev/b659cd43cc69
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Blocks: 833945
blocking-b2g: tef? → tef+
Attachment #705074 - Flags: approval-mozilla-b2g18?
Whiteboard: [qa-]
Will verify by testing an app update with the stub.
Keywords: verifyme
Whiteboard: [qa-]
FWIW, this bug might have broken all packaged app updates, so it's worth checking that an app installed from Marketplace can be updated to a new version of the app now that the fix has been applied.
QA Contact: jsmith
Landed on mozilla-b2g18/gaia master prior to the 1/25 branching to mozilla-b2g18_v1_0_0/v1.0.0, updating status-b2g-v1.0.0 to fixed.
Verified - app updates are working with packaged apps & I was successfully able to complete an update with the packaged app stub.
Status: RESOLVED → VERIFIED
Keywords: verifyme
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.